rule Windows_Exploit_Dcom_7a1bcec7 {
    meta:
        author = "Elastic Security"
        id = "7a1bcec7-e177-4adf-97a7-0d876bf65abc"
        fingerprint = "0abae84599e490056412d5a5ce1868ea118551243377d59cbb6ebd83701769b8"
        creation_date = "2021-01-12"
        last_modified = "2021-08-23"
        threat_name = "Windows.Exploit.Dcom"
        reference_sample = "84073caf71d0e0523adeb96169c85b8f0bfea09e7ef3bf677bfc19d3b536d8a5"
        severity = 100
        arch_context = "x86"
        scan_context = "file"
        license = "Elastic License v2"
        os = "windows"
    strings:
        $a = { 20 62 79 20 46 6C 61 73 68 53 6B 79 20 61 6E 64 20 42 65 6E }
    condition:
        all of them
}

